From b93ad8615cb3bee1d281bd6bcf2898a227664046 Mon Sep 17 00:00:00 2001
From: Jens L
Date: Wed, 3 Jan 2024 14:47:17 +0100
Subject: [PATCH] enterprise/providers/rac: create authorize_application event when creating token (#8050)
* events: don't log creation of creation token
Signed-off-by: Jens Langhammer
* enterprise/providers/rac: create authorize_application event when creating token
Signed-off-by: Jens Langhammer
---------
Signed-off-by: Jens Langhammer
---
 authentik/enterprise/providers/rac/views.py | 9 +++++++++
 authentik/events/middleware.py | 2 ++
 2 files changed, 11 insertions(+)
diff --git a/authentik/enterprise/providers/rac/views.py b/authentik/enterprise/providers/rac/views.py
index 31a25c721..e50f6ee5b 100644
--- a/authentik/enterprise/providers/rac/views.py
+++ b/authentik/enterprise/providers/rac/views.py
@@ -10,6 +10,7 @@ from authentik.core.models import Application, AuthenticatedSession
 from authentik.core.views.interface import InterfaceView
 from authentik.enterprise.policy import EnterprisePolicyAccessView
 from authentik.enterprise.providers.rac.models import ConnectionToken, Endpoint, RACProvider
+from authentik.events.models import Event, EventAction
 from authentik.flows.challenge import RedirectChallenge
 from authentik.flows.exceptions import FlowNonApplicableException
 from authentik.flows.models import in_memory_stage
@@ -43,6 +44,7 @@ class RACStartView(EnterprisePolicyAccessView):
 plan.insert_stage(
 in_memory_stage(
 RACFinalStage,
+ application=self.application,
 endpoint=self.endpoint,
 provider=self.provider,
 )
@@ -90,6 +92,7 @@ class RACFinalStage(RedirectStage):
 def get_challenge(self, *args, **kwargs) -> RedirectChallenge:
 endpoint: Endpoint = self.executor.current_stage.endpoint
 provider: RACProvider = self.executor.current_stage.provider
+ application: Application = self.executor.current_stage.application
 token = ConnectionToken.objects.create(
 provider=provider,
 endpoint=endpoint,
@@ -100,6 +103,12 @@ class RACFinalStage(RedirectStage):
 expires=now() + timedelta_from_string(provider.connection_expiry),
 expiring=True,
 )
+ Event.new(
+ EventAction.AUTHORIZE_APPLICATION,
+ authorized_application=application,
+ flow=self.executor.plan.flow_pk,
+ endpoint=endpoint.name,
+ ).from_http(self.request)
 setattr(
 self.executor.current_stage,
 "destination",
diff --git a/authentik/events/middleware.py b/authentik/events/middleware.py
index 7834bae5e..ea7e6001f 100644
--- a/authentik/events/middleware.py
+++ b/authentik/events/middleware.py
@@ -20,6 +20,7 @@ from authentik.core.models import (
 User,
 UserSourceConnection,
 )
+from authentik.enterprise.providers.rac.models import ConnectionToken
 from authentik.events.models import Event, EventAction, Notification
 from authentik.events.utils import model_to_dict
 from authentik.flows.models import FlowToken, Stage
@@ -54,6 +55,7 @@ IGNORED_MODELS = (
 SCIMUser,
 SCIMGroup,
 Reputation,
+ ConnectionToken,
 )
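Review bot: The new `Event.new(...)` call in `get_challenge` identifies the target only by `endpoint=endpoint.name`, a display name; if endpoint names can be changed or repeated (not visible in this hunk), the audit record may no longer resolve to a single endpoint. Adding a stable key next to it, e.g. `endpoint_pk=str(endpoint.pk),`, would keep the event attributable, and the provider could be recorded the same way. If the connection token is ever added to the event context for correlation, record its primary key rather than the token value handed to the client. A short comment above the call, such as `# ConnectionToken is in IGNORED_MODELS, so this event is the audit record for token creation`, would explain why the event is emitted by hand. `get_challenge` starts and ends outside this hunk.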
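Review bot: Listing `ConnectionToken` in `IGNORED_MODELS` presumably silences every model-level audit event for that model, not only creation, while the replacement `AUTHORIZE_APPLICATION` event in `RACFinalStage.get_challenge` covers a single creation path. Deletion or modification of a token, and any token created outside that stage, would then leave no audit trail; the code that consumes `IGNORED_MODELS` is outside this hunk, so please confirm this is intended. A comment on the entry, e.g. `# creation is audited via AUTHORIZE_APPLICATION in RACFinalStage`, would record the trade-off for the next maintainer. The import added in the previous hunk of this file also makes `authentik.events.middleware` load the enterprise RAC models at import time, which is worth checking for a circular import with `rac/views.py` now importing `authentik.events.models`.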